Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Manufacturing Extension Partnership (MEP)

Cincinnati Crane Survives and Thrives After Cybersecurity Attack

With the help of: Ohio Manufacturing Extension Partnership (Ohio MEP)

About

Cincinnati Crane & Hoist is a very small veteran-owned manufacturer of world-unique overhead crane system solutions for commercial, industrial, defense, and specialty applications. Located in Harrison, Ohio, Cincinnati Crane's 17 employees support Founder, President, and CEO Tony Strobl in his daily pursuit of creating the highest quality equipment that meets the needs of their customers.

The Challenge

In 2017, Cincinnati Crane experienced a devastating cybersecurity attack. The attackers compromised the company’s email system and executed pay fraud attacks against Cincinnati Crane’s customers. The resulting loss of revenue (over $250,000) and reputational damage nearly put the company out of business. Cincinnati Crane spent the next 18 months recovering from the attack. In 2019, the president of Cincinnati Crane asked TechSolve, part of the Ohio MEP and the MEP National Network™, to help make his organization more secure.

It's still hard to believe that a company our size garnered that type of attention from hackers. We are so glad that we already had a relationship with the Ohio MEP and TechSolve that had the cybsecurity expertise to help us. We've learned a lot from this experience and want others to know that it's no longer something you can opt to do - this is a part of doing business today.
— Tony Strobl, President/CEO

MEP's Role

TechSolve performed a detailed cybersecurity risk assessment based on the NIST 800-171R2 Security framework, helped the company select a Managed Service Provider partner to assist with IT management and perform major IT infrastructure work, and then helped Cincinnati Crane implement new processes and installed equipment to improve cybersecurity.

After several months of cybersecurity process improvement work, Cincinnati Crane has demonstrable advanced capabilities to resist and recover from cybersecurity attacks. The company is also aligned to the NIST 800-171R2 security framework and is positioned to become CMMC compliant when C3PAO assessors are available. At the end of the project, the company is assessed to be compliant with more than 85% of the NIST 800-171 security controls. The open items are documented in a Plan Of Action & Milestones (POAM) with a detailed strategy for continuous cybersecurity process improvement. This regulatory compliance has allowed Cincinnati Crane to aggressively pursue and win additional DoD contracts.

Results

$2,631,380 in increased or retained sales
17 created or retained jobs
$40,580 in new investment
$32,860 in cost savings
$5,298 other

Congressional District

1st district

8th district

Download PDF

Download Success Story PDF

MEP Center Contact

77 South High St., 28th Floor
Columbus, OH 43215
United States

+1 (614) 582-7395

mep [at] development.ohio.gov

https://development.ohio.gov/business/manufacturing/ohio-manufacturing-extensio…

Created August 1, 2020, Updated July 16, 2022